LoginID assinged to a session variable.

Forum|Forum|16 years ago
June 19, 2009
1 reply
879 views

I was wondering is it possible to assign CFlogin.username to a session ID?

I am matching SessionID with my authorized users list which allows them the access the intranet page.

I am unable to assign the values since I believ my Application.cfm and Auth.cfm(which checks the users list=session.USRID) runs before my login form. Any simple way or achieving CFlogin.username to a session ID(JsessionID,CFID ) at the time of cflogin input?

This topic has been closed for replies.

A

Anonymous

Do you have access to the Auth page where the cflogin is present? If so, wouldn't it be ideal to set the Session variable after the user authenticates?

A

Anonymous

Actually that is what I am trying to do but Session does not seem to carry value to my Security.cfm page. Assuming Session are defined in Application.cfm correctly.And I am trying to use J2EE session.jsessionID but donot know how can it be helpful to carry my userId to security.cfm.

LDAP_Auth.cfm

(Authenticate page which checks userId/Password (works grt) on the same page I am assigning cflogin.name to session.USERID)

        <cfdump var="#session#" >

                              <cflocation addtoken="no" url="../index.cfm"> (index then calls a page Security.cfm before giving access which checks users list against the session variable )

Security.cfm

So If you can suggest me a code or valuable information just how to pass the value once I pass UserID to my security.cfm so that it matches session.USERID=cflogin.username and then I can get access to intranet page. When I hardcode my name in Session.USERID it works fine, seems like only passing a value is the issue now.

A

Anonymous

Once the login ID is set in a session variable, that variable will remain there unless it is removed by code deleting the structure key, or if the session has times out.

I am assuming in your Application file, you have sessionmanagement=yes". The default value is no, so if this attribute isn't provided in the <cfapplication> tag, then I don't think it will work. I've never tried. I am just going by the docs.

One thing I notice is that Security file, you are assigning the session.userID value to session.userID. You are assigned a value to itself so that's not what you want.

It seems as though you are using LDAP judging by your filename (which I have no experience with), but here is my snipped of code I use for my login:

     <!--- [START] Login script --->
     <cflogin idletimeout="1800">
     
          <!--- Now test the credentials against the query --->
          <cfquery name="qryLogin" datasource="#application.dsn.getDSN()#">
          SELECT     *
          FROM      User
          WHERE      Username = <cfqueryparam value="#form.username#" cfsqltype="cf_sql_varchar"> AND
                    Password = <cfqueryparam value="#Hash(form.password)#" cfsqltype="cf_sql_varchar">
          </cfquery>
          
          <!--- If the query has a RecordCount, the user was logged in --->
          <cfif qryLogin.RecordCount>
               <cfloginuser name="#qryLogin.UserID#, #qryLogin.Username#" password="#Form.Password#" roles="#trim(ValueList(qryLogin.Roles))#">
               
                    <cfset session.userID = qryLogin.UserID>
                    <cfset session.username = qryLogin.Username>
                    <cfset session.userRoles = trim(ValueList(qryLogin.Roles))>
               
               <cfset loggedIn = true>
               <cfset reqLogin = false>
          
          <!--- If the login wasn't successful, take the user back to the page with a message --->
          <cfelse>
               <cfset loggedIn = false>
               <cfinclude template="/login.cfm">
          </cfif>
     
     </cflogin>

Let me know if this helps at all.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded